AMENDMENTS TO THE CLAIMS 



1. (Currently amended) A method of managing communications between service 
components in a cluster-based computing environment, the cluster-based computing environment 
comprising a plurality of processing nodes interconnected via a network switching system, each 
of the service components being programmed on a respective one of the processing nodes, the 
cluster-based computing environment being coupled to an external network, the method 
comprising: 

assigning to each service component a respective trustworthiness measure and a 
respective criticalitv measure, and using the trustworthiness and criticalitv measures of each 
service component to select a respective processing node of the cluster-based computing 
environment onto which each service component should be programmed; 

programming each service component onto the respective processing node of the cluster- 
based computing environment selected for the service component; 

configuring filter logic in the cluster-based computing environment with rules 
representative of allowed inter-node communications between service components; 

detecting an attempted inter-node communication between service components within the 
cluster-based computing environment, the attempted inter-node communication resulting from a 
service access communication received into the cluster-based computing environment from an 
entity external to the cluster-based computing environment via the external network; 

applying the filter logic to determine that the attempted inter-node communication is not 
allowed; and 

responsively blocking the attempted inter-node communication. 
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2. (Original) The method of claim 1, 

wherein each of the service components is associated with a respective service-access- 
point (SAP) in the cluster-based computing environment; and 

wherein configuring the filter logic with rules representative of allowed inter-node 
communications between service components comprises configuring the filter logic with rules 
indicating allowed communications between respective SAPs in the cluster-based computing 
environment. 



3. (Original) The method of claim 2, wherein the respective SAP of each service 
component comprises an Internet Protocol address of the respective processing node on which 
the service component is programmed. 



4. (Original) The method of claim 3, wherein at least one of the SAPs further 
comprises a port selected from the group consisting of a TCP port and a UDP port. 



5. (Original) The method of claim 1, 

wherein the communications between service components are packet-based; and 
wherein configuring the filter logic with rules representative of allowed inter-node 
communications between service components comprises configuring the filter logic with rules 
each indicating an allowed combination of at least (i) a packet transport protocol, (ii) a source 
address in the cluster-based computing environment and (iii) a destination address in the cluster- 
based computing environment. 
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6. (Original) The method of claim 1, wherein the network switching system 
comprises a switch, and wherein configuring filter logic in the cluster-based computing 
environment comprises setting up the switch to enforce the rules. 

7. (Original) The method of claim 6, 

wherein the switch comprises a packet-filtering agent and a provisioning-interface 
through which instructions may be provided to set up the packet-filtering agent, the switch being 
arranged to translate the instructions into packet-filtering logic executable by the packet-filtering 
agent; and 

wherein setting up the switch to enforce the rules comprises providing the switch, via the 
provisioning-interface, with instructions representative of the rules. 

8. (Original) The method of claim 6, wherein: 

each inter-node communication comprises a packet including a VLAN tag; and 
setting up the switch to enforce the rules comprises setting up the switch with VLAN 
logic associating each service component with a respective VLAN tag, whereby the switch may 
allow a given packet to be routed to a given service component only if the VLAN tag of the 
given packet is associated with the given service component. 

9. (Original) The method of claim 6, wherein setting up the switch to enforce 
the rules comprises setting up the switch with a plurality of static packet routes, each static 
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packet route correlating a respective source service-access-point with a respective destination 
service-access-point. 

1 0. (Original) The method of claim 1 , 

wherein at least a given one of the processing nodes includes a firewall for restricting 
communications with the given processing node; and 

wherein configuring filter logic in the cluster-based computing environment comprises 
provisioning the firewall of the given processing node to allow communications between at least 
one service component programmed on the given processing node and at least one service 
component programmed on another processing node. 

11. (Original) The method of claim 1, wherein the attempted inter-node 
communication comprises an attempted inter-node communication between antagonistic service 
components. 

12. (Original) The method of claim 1 5 wherein: 

the attempted inter-node communication comprises an attempted communication of a 
packet comprised of data; and 

applying the filter logic to determine that the attempted inter-node communication is not 
allowed comprises using the data of the packet to determine that the inter-node communication is 
not allowed. 
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13. (Original) The method of claim 12, wherein the data represents information 
selected from the group consisting of (i) source, (ii) destination and (iii) service level. 

14. (Original) The method of claim 12, wherein using the data of the packet to 
determine that the attempted inter-node communication is not allowed comprises determining, 
based at least in part on the data of the packet, that the attempted inter-node communication does 
not satisfy any of the rules representative of allowed inter-node communications between service 
components. 

15. (Original) The method of claim 1, wherein the attempted inter-node 
communication comprises an attempted communication of a packet from a first processing node 
to a second processing node, and wherein blocking the attempted communication comprises 
dropping the packet. 

16. (Currently amended) A method for managing application logic in a public 
computing platform, the public computing platform comprising a network of processing nodes 
interconnected by a switching system, the public computing platform being coupled to an 
external network, the method comprising: 

receiving specifications of at least two computer-program applications, the applications 
cooperatively comprising a number of application components; 

generating access control rules defining allowed communications between the application 
components; 
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assigning to each of the application components a respective trustworthiness measure and 
a respective criticalitv measure, and using the trustworthiness and criticalitv measures of the 
application components to select the processing nodes of the public computing platform onto 
which the application components should be loaded; 

loading the application components of the at least two applications onto the selected 
processing nodes at l e ast two of th e proc e ssing nod e s of the public computing platform, wherein 
the selected processing nodes include at least two processing nodes of the public computing 
platform, whereby the processing nodes may then execute the application components; and 

provisioning the public computing platform to allow inter-node communications 
involving comprising the allowed communications between application components and to 
disallow other inter-node communications, 

wherein each inter-node communication, whether allowed or disallowed, is a 
communication between processing nodes of the public computing platform resulting from an 
application access communication received into the public computing platform from an entity 
external to the public computing platform via the external network, 

whereby, in response to an attempted communication between application components, 
the public computing platform may determine that the attempted communication is not allowed 
and may responsively block the attempted communication. 



17. (Cancelled) 



1 8. (Currently amended) A public computing platform comprising: 

a network switching system communicatively coupled to an external network; 
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a plurality of processing nodes interconnected via the network switching system; 

a plurality of application components ; load e d onto th e proc es sing nodes, 

first logic for assigning a respective trustworthiness measure and a respective criticalitv 
measure to each of the plurality of application components and for using the trustworthiness and 
criticalitv measures of the plurality of application components to select processing nodes of the 
public computing platform onto which the plurality of application components should be loaded; 

second logic for loading the plurality of application components onto the selected 
processing nodes, each application component having a respective service-access-point defining 

(i) a network address of the processing node on which the application component is loaded and 

(ii) a port at the processing node, the port being associated with the application component; and 

third logic indicating allowed inter-node communications between application 
components; 

the third logic being executable, in response to an attempted inter-node communication 
between application components within the public computing platform, to make a determination 
of whether the attempted inter-node communication is allowed, wherein the attempted inter-node 
communication occurs as a result of an application access communication received into the 
network switching system via the external network; and 

the third logic being executable, in response to a determination that the attempted inter- 
node communication is not allowed, to block the attempted inter-node communication. 

19. (Original) The public computing platform of claim 18, wherein the switching 
system comprises a network switch having a packet-filtering agent, and wherein the logic is 
embodied at least in part in the packet-filtering agent. 
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20. (Original) The public computing platform of claim 18, wherein, for a given 
attempted inter-node communication between a first application component and a second 
application component, the logic is executable to determine whether the given attempted inter- 
node communication is allowed based at least in part on a parameter selected from the group 
consisting of (i) the service-access-point of the first service application component and (ii) the 
service-access-point of the second application component. 

2 1 . (Original) The public computing platform of claim 1 8, 

wherein at least a first one of the application components loaded onto a first processing 
node of the public computing platform is owned by a first application provider, and at least a 
second one of the application components loaded onto a second processing node of the public 
computing platform is owned by a second application provider; and 

wherein the first application provider is in competition with the second application 
provider for business. 

22. (Original) The public computing platform of claim 21, wherein the first 
application component is a component of a first application, the second application component is 
a component of a second application, and the first application and second application are 
competing applications. 
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